Help for snmp monitoring

[Topaz]

Hi,

I need to configure snmp monitoring on OmniSwitchs 6450 and 6900 and some Cisco Switches Catalyst 6900 too, using OmniVista 2500 NMS 4.2.1.R01 MR (Build 85, 01/24/2017)

I'm pretty new in the snmp world and after reading tons of websites and forums, I have to say that I need some help

To specify a bit what I need is to configure snmpv2 on both Alcatel/Cisco switchs and to configure some essential traps like :

up or down status / ports status / CPU (load) / heat / traffic / firmware

Can someone spend some time trying to help me?

Best regards

[silvio]

For Alcatel-Switches all the traps (beside port up/down) are per default enabled.
I prefere to configure snmpv3 instead of v2.

here are the the necessary commands for snmpv1/v2 - and some helpful commands (all R6 - is similar for R8)

Code: Select all

aaa authentication snmp local
aaa authentication ssh local
user OV-READ password OV-READ-PW read-only all no auth
snmp community map public user OV-READ
user OV-WRITE password OV-WRITE-PW read-write all no auth
snmp community map private user OV-WRITE
snmp security no security
snmp station 10.10.254.1 OV-WRITE v1|v2 enable 
system name XXX
system location YYY

and same for snmpv3

Code: Select all

aaa authentication snmp local
aaa authentication ssh local
user SNMPV3 password SNMPV3PW read-write all sha+des
snmp station 10.10.254.1 SNMPV3 v3 enable
system name XXX 
system location YYY

also this is helpful

Code: Select all

snmp trap absorption disable
ntp server 172.20.7.1 
ntp client enable

I have the config for switches similar to cisco

Code: Select all

snmp-server engineID local default
snmp-server group v2-group v2 write v2-string read v2-string
snmp-server user v2-user v2-group
snmp-server community v2-string su 10.254.254.1

for OmniSwitches to activate port-trap:

Code: Select all

trap 1/1 port link enable

regards
Silvio

[Topaz]

Thank you very much for this answer silvio !

It is surprising,I would have thought that snmpv3 would take longer to configure than older versions. In any case I thank you for that.
The "snmp trap absorption disable" command is used to avoid overloading traps?

And may I ask you : are you sure about the "su" in this command : "snmp-server community v2-string su 10.254.254.1"

I will try this as soon as possible and will write back to you

Best regards

[Topaz]

I tried to input a Cisco Switch in OV using Topology and entered manually his IP address
OV tells me the switch is up but with a warning (orange), after checking in the notifications pannel, I can see that I get a notification every 30 seconds which looks like this :

Name
.1.3.6.1.4.1.9.9.41.2.0.1
Synopsis
.1.3.6.1.4.1.9.9.41.1.2.3.1.2.180430=IP,.1.3.6.1.4.1.9.9.41.1.2.3.1.3.180430=5,.1.3.6.1.4.1.9.9.41.1.2.3.1.4.180430=DUPADDR,.1.3.6.1.4.1.9.9.41.1.2.3.1.5.180430=Duplicate address 50.112.135.22 on Vlan1, sourced by 2cfa.a285.d25f,.1.3.6.1.4.1.9.9.41.1.2.3.1.6.180430=64 days, 16:40:50.52
Agent IP
(xxxxx)
Agent Name
(xxxxx)
Date Time
Dec 18, 2017 4:35:00 am
Severity
Normal
Acknowledged
False
Description
Up Time
9 weeks 1 day 16 hours 40 minutes 50 seconds
Source IP
(xxxxx)
Trap OID
.1.3.6.1.4.1.9.9.41.2.0.1

If I acknowledge the notification, that take effect on only one notification, so the warning is still here

On the Cisco switch side, here is a copy of the running conf includes "snmp" words :

snmp-server engineID local 800000090300588D09D9DF90
snmp-server community carsat-rouen RO
snmp-server location salle reseau
snmp-server contact NextiraOne
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server host 50.112.135.187 version 2c carsat-rouen
snmp ifmib ifindex persist

Also, OV seems to not recognize this switch properly, it says in status information that traps are not configurable for this switch and there's no ports available, and no links neither (it's a stack)

What could I do to fix that ?

thanks
kind regards

Tpz

[silvio]

The "snmp trap absorption disable" command is used to avoid overloading traps?

absorbtion enable is to avoid this - same traps within 15 sec will bei absorbed to one trap. But this means delay of 15 sec and also the trap description in OV in not so clear (like not absorbed trap".

And may I ask you : are you sure about the "su" in this command : "snmp-server community v2-string su 10.254.254.1"

This was for OS6200 (older switch from Alcatel with cli similar to cisco). Su was nessesary there.

[silvio]

DUPADDR,.1.3.6.1.4.1.9.9.41.1.2.3.1.5.180430=Duplicate address 50.112.135.22 on Vlan1, sourced by 2cfa.a285.d25f,.1.3.6.1.4.1.9.9.41.1.2.3.1.6.180430=64 days, 16:40:50.52

I hope you have checked it... the message is comming from the cisco. Can you see the same info in the cisco log every 30 sec. I yes than you have to find out the issue in you network. But sometimes it occures that OV received also "old" messages again and again. per default the "Use Trap Replay Polling" in the OV settings are enabled. You can try to disable this.

Also, OV seems to not recognize this switch properly, it says in status information that traps are not configurable for this switch and there's no ports available, and no links neither (it's a stack)

Maybe you need more cisco MIBs (you can import them into OV).
regards
Silvio